From dcb8794b63a9da5bbb21c5fc8eef6c33866f10dc Mon Sep 17 00:00:00 2001 
From: hiondal Date: Wed, 1 Oct 2025 10:27:22 +0900 Subject: [PATCH] =?UTF-8?q?GitHub=20Actions=20=EB=B0=B1=EC=97=94=EB=93=9C?= =?UTF-8?q?=20CI/CD=20=ED=8C=8C=EC=9D=B4=ED=94=84=EB=9D=BC=EC=9D=B8=20?= =?UTF-8?q?=EA=B5=AC=EC=B6=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 🚀 주요 변경사항: - Kustomize 기반 환경별(dev/staging/prod) 매니페스트 관리 - SonarQube 코드 품질 분석 통합 - 환경별 Docker 이미지 빌드 및 푸시 - AKS 자동 배포 워크플로우 - 수동 배포 스크립트 추가 📁 생성된 파일: - GitHub Actions 워크플로우: .github/workflows/backend-cicd.yaml - Kustomize Base: 23개 파일 - Kustomize Overlays: dev(12), staging(12), prod(12) - 환경별 설정 파일: 3개 - 배포 스크립트: 1개 - 가이드 문서: 1개 ✨ 주요 기능: - 환경별 독립적 설정 (replicas, resources, secrets) - SonarQube Quality Gate 검증 (선택적) - 롤백 지원 (GitHub Actions, kubectl, 수동 스크립트) - HTTPS 지원 (staging/prod) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .github/actions-pipeline-guide.md | 714 ++++++++++++------ .github/config/deploy_env_vars_dev | 2 +- .github/config/deploy_env_vars_prod | 2 +- .github/config/deploy_env_vars_staging | 2 +- .github/kustomize/base/kustomization.yaml | 4 +- .../overlays/dev/cm-common-patch.yaml | 6 +- .../dev/deployment-api-gateway-patch.yaml | 2 +- .../dev/deployment-bill-service-patch.yaml | 2 +- .../dev/deployment-kos-mock-patch.yaml | 2 +- .../dev/deployment-product-service-patch.yaml | 2 +- .../dev/deployment-user-service-patch.yaml | 2 +- .../kustomize/overlays/dev/ingress-patch.yaml | 2 +- .../kustomize/overlays/dev/kustomization.yaml | 61 +- .../overlays/dev/secret-common-patch.yaml | 2 +- .../dev/secret-product-service-patch.yaml | 2 +- .../dev/secret-user-service-patch.yaml | 2 +- .../overlays/prod/cm-common-patch.yaml | 8 +- .../overlays/prod/ingress-patch.yaml | 6 +- .../overlays/prod/kustomization.yaml | 61 +- .../prod/secret-bill-service-patch.yaml | 4 +- 
.../overlays/prod/secret-common-patch.yaml | 4 +- .../prod/secret-product-service-patch.yaml | 4 +- .../prod/secret-user-service-patch.yaml | 4 +- .../overlays/staging/cm-common-patch.yaml | 6 +- .../overlays/staging/ingress-patch.yaml | 6 +- .../overlays/staging/kustomization.yaml | 61 +- .../staging/secret-bill-service-patch.yaml | 4 +- .../overlays/staging/secret-common-patch.yaml | 4 +- .../staging/secret-product-service-patch.yaml | 4 +- .../staging/secret-user-service-patch.yaml | 4 +- .github/scripts/deploy-actions.sh | 2 +- .github/workflows/backend-cicd.yaml | 23 +- .github/workflows/backend-cicd_ArgoCD.yaml | 254 ------- 33 files changed, 664 insertions(+), 604 deletions(-) mode change 100755 => 100644 .github/scripts/deploy-actions.sh delete mode 100644 .github/workflows/backend-cicd_ArgoCD.yaml diff --git a/.github/actions-pipeline-guide.md b/.github/actions-pipeline-guide.md index 46c0783..6a0c05a 100644 --- a/.github/actions-pipeline-guide.md +++ b/.github/actions-pipeline-guide.md 
@@ -1,254 +1,534 @@ -# GitHub Actions CI/CD νŒŒμ΄ν”„λΌμΈ ꡬ좕 κ°€μ΄λ“œ +# GitHub Actions λ°±μ—”λ“œ CI/CD νŒŒμ΄ν”„λΌμΈ κ°€μ΄λ“œ +## πŸ“‹ κ°œμš” -## κ°œμš” +이 λ¬Έμ„œλŠ” phonebill ν”„λ‘œμ νŠΈμ˜ GitHub Actions 기반 λ°±μ—”λ“œ CI/CD νŒŒμ΄ν”„λΌμΈ ꡬ좕 κ°€μ΄λ“œμž…λ‹ˆλ‹€. -phonebill μ‹œμŠ€ν…œμ„ μœ„ν•œ GitHub Actions 기반 CI/CD νŒŒμ΄ν”„λΌμΈμ΄ μ„±κ³΅μ μœΌλ‘œ κ΅¬μΆ•λ˜μ—ˆμŠ΅λ‹ˆλ‹€. +**μ£Όμš” κΈ°λŠ₯:** +- βœ… Gradle 기반 λΉŒλ“œ 및 λ‹¨μœ„ ν…ŒμŠ€νŠΈ +- βœ… SonarQube μ½”λ“œ ν’ˆμ§ˆ 뢄석 및 Quality Gate 검증 +- βœ… ν™˜κ²½λ³„(dev/staging/prod) Docker 이미지 λΉŒλ“œ 및 ν‘Έμ‹œ +- βœ… Kustomize 기반 ν™˜κ²½λ³„ λ§€λ‹ˆνŽ˜μŠ€νŠΈ 관리 및 μžλ™ 배포 +- βœ… λ‘€λ°± 및 μˆ˜λ™ 배포 지원 -### ν”„λ‘œμ νŠΈ 정보 -- **μ‹œμŠ€ν…œλͺ…**: phonebill -- **μ„œλΉ„μŠ€**: api-gateway, user-service, bill-service, product-service, kos-mock -- **JDK 버전**: 21 -- **Azure ν™˜κ²½**: ACR(acrdigitalgarage01), AKS(aks-digitalgarage-01), RG(rg-digitalgarage-01) -- **λ„€μž„μŠ€νŽ˜μ΄μŠ€**: phonebill-dg0500 +--- -## κ΅¬μΆ•λœ 파일 ꡬ쑰 +## πŸ“Œ 1. ν”„λ‘œμ νŠΈ 정보 + +### μ‹œμŠ€ν…œ 및 μ„œλΉ„μŠ€ 정보 +- **μ‹œμŠ€ν…œλͺ…**: `phonebill` +- **μ„œλΉ„μŠ€ λͺ©λ‘**: + - `api-gateway` (API Gateway) + - `user-service` (μ‚¬μš©μž 인증 및 관리) + - `bill-service` (μš”κΈˆ 쑰회) + - `product-service` (μƒν’ˆ λ³€κ²½) + - `kos-mock` (KOS 연동 Mock) + +### 기술 μŠ€νƒ +- **JDK**: 21 +- **λΉŒλ“œ 도ꡬ**: Gradle +- **μ»¨ν…Œμ΄λ„ˆ**: Docker +- **μ˜€μΌ€μŠ€νŠΈλ ˆμ΄μ…˜**: Kubernetes (AKS) +- **λ§€λ‹ˆνŽ˜μŠ€νŠΈ 관리**: Kustomize + +### 인프라 정보 +- **Azure Container Registry**: `acrdigitalgarage01` +- **λ¦¬μ†ŒμŠ€ κ·Έλ£Ή**: `rg-digitalgarage-01` +- **AKS ν΄λŸ¬μŠ€ν„°**: `aks-digitalgarage-01` +- **Namespace**: `phonebill-dg0500` + +--- + +## πŸ”§ 2. 
사전 쀀비사항 + +### 2.1 Azure 인증 정보 νšλ“ + +#### Azure Service Principal 생성 + +```bash +# Azure CLI둜 Service Principal 생성 +az ad sp create-for-rbac \ + --name "github-actions-phonebill" \ + --role contributor \ + --scopes /subscriptions/{ꡬ독ID}/resourceGroups/rg-digitalgarage-01 \ + --json-auth + +# 좜λ ₯ μ˜ˆμ‹œ (이 JSON을 AZURE_CREDENTIALS Secret으둜 등둝) +{ + "clientId": "5e4b5b41-7208-48b7-b821-d6d5acf50ecf", + "clientSecret": "ldu8Q~GQEzFYU.dJX7_QsahR7n7C2xqkIM6hqbV8", + "subscriptionId": "2513dd36-7978-48e3-9a7c-b221d4874f66", + "tenantId": "4f0a3bfd-1156-4cce-8dc2-a049a13dba23" +} +``` + +#### ACR Credentials νšλ“ + +```bash +# ACR νŒ¨μŠ€μ›Œλ“œ 확인 +az acr credential show --name acrdigitalgarage01 + +# 좜λ ₯ κ²°κ³Όμ—μ„œ usernameκ³Ό password 확인 +``` + +### 2.2 SonarQube μ„€μ • + +#### SONAR_HOST_URL 확인 + +```bash +# SonarQube μ„œλΉ„μŠ€ External IP 확인 +kubectl get svc -n sonarqube + +# 좜λ ₯ μ˜ˆμ‹œ: +# NAME TYPE EXTERNAL-IP PORT(S) +# sonarqube-sonarqube LoadBalancer 20.249.187.69 9000:30234/TCP + +# SONAR_HOST_URL: http://20.249.187.69 +``` + +#### SONAR_TOKEN 생성 + +1. SonarQube에 둜그인 (http://{EXTERNAL_IP}) +2. 우츑 상단 **Administrator** > **My Account** 클릭 +3. **Security** νƒ­ 선택 +4. **Generate Tokens**μ—μ„œ μƒˆ 토큰 생성 +5. 토큰 κ°’ 볡사 (ν•œ 번만 ν‘œμ‹œλ¨) + +### 2.3 Docker Hub 인증 (Rate Limit λ°©μ§€) + +1. Docker Hub (https://hub.docker.com) 둜그인 +2. 우츑 상단 ν”„λ‘œν•„ μ•„μ΄μ½˜ > **Account Settings** +3. 쒌츑 메뉴 **Personal Access Tokens** 클릭 +4. **Generate New Token** λ²„νŠΌμœΌλ‘œ 토큰 생성 +5. Token κ°’ 볡사 + +--- + +## πŸ” 3. 
GitHub Repository μ„€μ • + +### 3.1 Repository Secrets μ„€μ • + +**경둜**: Repository Settings > Secrets and variables > Actions > Repository secrets + +| Secret 이름 | μ„€λͺ… | μ˜ˆμ‹œ κ°’ | +|------------|------|---------| +| `AZURE_CREDENTIALS` | Azure Service Principal JSON | μœ„ 2.1 μ°Έμ‘° | +| `ACR_USERNAME` | ACR μ‚¬μš©μžλͺ… | `acrdigitalgarage01` | +| `ACR_PASSWORD` | ACR νŒ¨μŠ€μ›Œλ“œ | `az acr credential show` κ²°κ³Ό | +| `SONAR_HOST_URL` | SonarQube μ„œλ²„ URL | `http://20.249.187.69` | +| `SONAR_TOKEN` | SonarQube 인증 토큰 | μœ„ 2.2 μ°Έμ‘° | +| `DOCKERHUB_USERNAME` | Docker Hub μ‚¬μš©μžλͺ… | 본인 Docker Hub ID | +| `DOCKERHUB_PASSWORD` | Docker Hub νŒ¨μŠ€μ›Œλ“œ/토큰 | μœ„ 2.3 μ°Έμ‘° | + +**AZURE_CREDENTIALS μ˜ˆμ‹œ:** +```json +{ + "clientId": "5e4b5b41-7208-48b7-b821-d6d5acf50ecf", + "clientSecret": "ldu8Q~GQEzFYU.dJX7_QsahR7n7C2xqkIM6hqbV8", + "subscriptionId": "2513dd36-7978-48e3-9a7c-b221d4874f66", + "tenantId": "4f0a3bfd-1156-4cce-8dc2-a049a13dba23" +} +``` + +### 3.2 Repository Variables μ„€μ • + +**경둜**: Repository Settings > Secrets and variables > Actions > Variables > Repository variables + +| Variable 이름 | μ„€λͺ… | κΈ°λ³Έκ°’ | +|--------------|------|--------| +| `ENVIRONMENT` | 배포 ν™˜κ²½ | `dev` | +| `SKIP_SONARQUBE` | SonarQube 뢄석 κ±΄λ„ˆλ›°κΈ° | `true` | + +**μ‚¬μš© 방법:** +- **μžλ™ μ‹€ν–‰** (Push/PR): κΈ°λ³Έκ°’ μ‚¬μš© (`ENVIRONMENT=dev`, `SKIP_SONARQUBE=true`) +- **μˆ˜λ™ μ‹€ν–‰**: Actions νƒ­ > "Backend Services CI/CD" > "Run workflow" λ²„νŠΌ + - Environment: `dev` / `staging` / `prod` 선택 + - Skip SonarQube Analysis: `true` / `false` 선택 + +--- + +## πŸ“‚ 4. 
디렉토리 ꡬ쑰 ``` .github/ -β”œβ”€β”€ kustomize/ -β”‚ β”œβ”€β”€ base/ +β”œβ”€β”€ kustomize/ # Kustomize λ§€λ‹ˆνŽ˜μŠ€νŠΈ +β”‚ β”œβ”€β”€ base/ # Base λ§€λ‹ˆνŽ˜μŠ€νŠΈ β”‚ β”‚ β”œβ”€β”€ kustomization.yaml -β”‚ β”‚ β”œβ”€β”€ common/ +β”‚ β”‚ β”œβ”€β”€ common/ # 곡톡 λ¦¬μ†ŒμŠ€ β”‚ β”‚ β”‚ β”œβ”€β”€ cm-common.yaml β”‚ β”‚ β”‚ β”œβ”€β”€ secret-common.yaml β”‚ β”‚ β”‚ β”œβ”€β”€ secret-imagepull.yaml β”‚ β”‚ β”‚ └── ingress.yaml -β”‚ β”‚ └── {μ„œλΉ„μŠ€λͺ…}/ +β”‚ β”‚ β”œβ”€β”€ api-gateway/ +β”‚ β”‚ β”‚ β”œβ”€β”€ deployment.yaml +β”‚ β”‚ β”‚ └── service.yaml +β”‚ β”‚ β”œβ”€β”€ user-service/ +β”‚ β”‚ β”‚ β”œβ”€β”€ deployment.yaml +β”‚ β”‚ β”‚ β”œβ”€β”€ service.yaml +β”‚ β”‚ β”‚ β”œβ”€β”€ cm-user-service.yaml +β”‚ β”‚ β”‚ └── secret-user-service.yaml +β”‚ β”‚ β”œβ”€β”€ bill-service/ +β”‚ β”‚ β”‚ β”œβ”€β”€ deployment.yaml +β”‚ β”‚ β”‚ β”œβ”€β”€ service.yaml +β”‚ β”‚ β”‚ β”œβ”€β”€ cm-bill-service.yaml +β”‚ β”‚ β”‚ └── secret-bill-service.yaml +β”‚ β”‚ β”œβ”€β”€ product-service/ +β”‚ β”‚ β”‚ β”œβ”€β”€ deployment.yaml +β”‚ β”‚ β”‚ β”œβ”€β”€ service.yaml +β”‚ β”‚ β”‚ β”œβ”€β”€ cm-product-service.yaml +β”‚ β”‚ β”‚ └── secret-product-service.yaml +β”‚ β”‚ └── kos-mock/ β”‚ β”‚ β”œβ”€β”€ deployment.yaml β”‚ β”‚ β”œβ”€β”€ service.yaml -β”‚ β”‚ β”œβ”€β”€ cm-{μ„œλΉ„μŠ€λͺ…}.yaml -β”‚ β”‚ └── secret-{μ„œλΉ„μŠ€λͺ…}.yaml (ν•΄λ‹Ήλ˜λŠ” 경우) -β”‚ └── overlays/ +β”‚ β”‚ └── cm-kos-mock.yaml +β”‚ └── overlays/ # ν™˜κ²½λ³„ Overlay β”‚ β”œβ”€β”€ dev/ β”‚ β”‚ β”œβ”€β”€ kustomization.yaml β”‚ β”‚ β”œβ”€β”€ cm-common-patch.yaml -β”‚ β”‚ β”œβ”€β”€ ingress-patch.yaml -β”‚ β”‚ β”œβ”€β”€ deployment-{μ„œλΉ„μŠ€λͺ…}-patch.yaml β”‚ β”‚ β”œβ”€β”€ secret-common-patch.yaml -β”‚ β”‚ └── secret-{μ„œλΉ„μŠ€λͺ…}-patch.yaml -β”‚ β”œβ”€β”€ staging/ -β”‚ β”‚ └── (dev와 λ™μΌν•œ ꡬ쑰, staging ν™˜κ²½ μ„€μ •) -β”‚ └── prod/ -β”‚ └── (dev와 λ™μΌν•œ ꡬ쑰, prod ν™˜κ²½ μ„€μ •) -β”œβ”€β”€ config/ +β”‚ β”‚ β”œβ”€β”€ ingress-patch.yaml +β”‚ β”‚ β”œβ”€β”€ deployment-api-gateway-patch.yaml +β”‚ β”‚ β”œβ”€β”€ deployment-user-service-patch.yaml 
+β”‚ β”‚ β”œβ”€β”€ secret-user-service-patch.yaml +β”‚ β”‚ β”œβ”€β”€ deployment-bill-service-patch.yaml +β”‚ β”‚ β”œβ”€β”€ secret-bill-service-patch.yaml +β”‚ β”‚ β”œβ”€β”€ deployment-product-service-patch.yaml +β”‚ β”‚ β”œβ”€β”€ secret-product-service-patch.yaml +β”‚ β”‚ β”œβ”€β”€ deployment-kos-mock-patch.yaml +β”‚ β”‚ └── cm-kos-mock-patch.yaml +β”‚ β”œβ”€β”€ staging/ # staging도 dev와 동일 ꡬ쑰 +β”‚ └── prod/ # prod도 dev와 동일 ꡬ쑰 +β”œβ”€β”€ config/ # ν™˜κ²½λ³„ μ„€μ • β”‚ β”œβ”€β”€ deploy_env_vars_dev β”‚ β”œβ”€β”€ deploy_env_vars_staging β”‚ └── deploy_env_vars_prod -β”œβ”€β”€ scripts/ +β”œβ”€β”€ scripts/ # 배포 슀크립트 β”‚ └── deploy-actions.sh -└── workflows/ +└── workflows/ # GitHub Actions μ›Œν¬ν”Œλ‘œμš° └── backend-cicd.yaml ``` -## GitHub Repository μ„€μ • +--- -### 1. Repository Secrets μ„€μ • +## πŸš€ 5. νŒŒμ΄ν”„λΌμΈ ꡬ쑰 -GitHub Repository β†’ Settings β†’ Secrets and variables β†’ Actions β†’ Repository secrets에 λ‹€μŒ μ„€μ •: +### 5.1 μ›Œν¬ν”Œλ‘œμš° 단계 -```bash -# Azure Service Principal -AZURE_CREDENTIALS -{ - "clientId": "{ν΄λΌμ΄μ–ΈνŠΈID}", - "clientSecret": "{ν΄λΌμ΄μ–ΈνŠΈμ‹œν¬λ¦Ώ}", - "subscriptionId": "{ꡬ독ID}", - "tenantId": "{ν…Œλ„ŒνŠΈID}" -} - -# ACR Credentials (az acr credential show --name acrdigitalgarage01) -ACR_USERNAME: acrdigitalgarage01 -ACR_PASSWORD: {ACRνŒ¨μŠ€μ›Œλ“œ} - -# SonarQube μ„€μ • -SONAR_HOST_URL: http://{External IP} # k get svc -n sonarqube둜 확인 -SONAR_TOKEN: {SonarQube토큰} # SonarQube > My Account > Securityμ—μ„œ 생성 - -# Docker Hub (Rate Limit λ°©μ§€) -DOCKERHUB_USERNAME: {Docker Hub μ‚¬μš©μžλͺ…} -DOCKERHUB_PASSWORD: {Docker Hub νŒ¨μŠ€μ›Œλ“œ} +```mermaid +graph LR + A[Push/PR] --> B[Build & Test] + B --> C{SonarQube
Skip?} + C -->|No| D[SonarQube Analysis] + C -->|Yes| E[Skip Analysis] + D --> F[Quality Gate] + E --> F + F --> G[Build Docker Images] + G --> H[Push to ACR] + H --> I[Deploy to AKS] + I --> J[Health Check] ``` -### 2. Repository Variables μ„€μ • +### 5.2 Job ꡬ성 -GitHub Repository β†’ Settings β†’ Secrets and variables β†’ Actions β†’ Variables β†’ Repository variables에 λ‹€μŒ μ„€μ •: +1. **build**: λΉŒλ“œ 및 ν…ŒμŠ€νŠΈ + - Gradle λΉŒλ“œ + - JUnit λ‹¨μœ„ ν…ŒμŠ€νŠΈ + - SonarQube 뢄석 (선택적) + - λΉŒλ“œ μ•„ν‹°νŒ©νŠΈ μ—…λ‘œλ“œ -```bash -ENVIRONMENT: dev (κΈ°λ³Έκ°’) -SKIP_SONARQUBE: true (κΈ°λ³Έκ°’) -``` +2. **release**: Docker 이미지 λΉŒλ“œ 및 ν‘Έμ‹œ + - λΉŒλ“œ μ•„ν‹°νŒ©νŠΈ λ‹€μš΄λ‘œλ“œ + - Docker 이미지 λΉŒλ“œ + - ACR에 ν‘Έμ‹œ (ν™˜κ²½λ³„ νƒœκ·Έ) -## νŒŒμ΄ν”„λΌμΈ μ‹€ν–‰ 방법 - -### 1. μžλ™ μ‹€ν–‰ -- **트리거**: main/develop λΈŒλžœμΉ˜μ— push λ˜λŠ” main λΈŒλžœμΉ˜μ— PR -- **ν™˜κ²½**: dev (κΈ°λ³Έκ°’) -- **SonarQube**: μŠ€ν‚΅ (κΈ°λ³Έκ°’) - -### 2. μˆ˜λ™ μ‹€ν–‰ -1. GitHub β†’ Actions νƒ­ 이동 -2. "Backend Services CI/CD" μ›Œν¬ν”Œλ‘œμš° 선택 -3. "Run workflow" λ²„νŠΌ 클릭 -4. ν™˜κ²½ 선택 (dev/staging/prod) -5. SonarQube 뢄석 μ—¬λΆ€ 선택 (true/false) - -## νŒŒμ΄ν”„λΌμΈ 단계 - -### 1. Build and Test -- Gradle λΉŒλ“œ (ν…ŒμŠ€νŠΈ μ œμ™Έ) -- SonarQube μ½”λ“œ ν’ˆμ§ˆ 뢄석 (선택사항) -- λΉŒλ“œ μ•„ν‹°νŒ©νŠΈ μ—…λ‘œλ“œ - -### 2. Build and Push Docker Images -- 각 μ„œλΉ„μŠ€λ³„ Docker 이미지 λΉŒλ“œ -- Azure Container Registry에 ν‘Έμ‹œ -- 이미지 νƒœκ·Έ: `{ν™˜κ²½}-{νƒ€μž„μŠ€νƒ¬ν”„}` - -### 3. 
Deploy to Kubernetes -- Kustomizeλ₯Ό μ‚¬μš©ν•œ ν™˜κ²½λ³„ λ§€λ‹ˆνŽ˜μŠ€νŠΈ 생성 -- AKS ν΄λŸ¬μŠ€ν„°μ— 배포 -- 배포 μƒνƒœ 확인 - -## ν™˜κ²½λ³„ μ„€μ • - -### DEV ν™˜κ²½ -- **Replicas**: 1 -- **Resources**: requests(256Mi/256m), limits(1024Mi/1024m) -- **DDL**: update -- **SSL**: λΉ„ν™œμ„±ν™” -- **Host**: phonebill-dg0500-api.20.214.196.128.nip.io - -### STAGING ν™˜κ²½ -- **Replicas**: 2 -- **Resources**: requests(512Mi/512m), limits(2048Mi/2048m) -- **DDL**: validate -- **SSL**: ν™œμ„±ν™” -- **Host**: phonebill-staging.digitalgarage.com -- **JWT**: 운영 ν™˜κ²½ 토큰 μœ νš¨μ‹œκ°„ - -### PROD ν™˜κ²½ -- **Replicas**: 3 -- **Resources**: requests(1024Mi/1024m), limits(4096Mi/4096m) -- **DDL**: validate -- **SSL**: ν™œμ„±ν™” -- **Host**: phonebill.digitalgarage.com -- **JWT**: λ³΄μ•ˆ κ°•ν™”λœ 짧은 토큰 μœ νš¨μ‹œκ°„ - -## μˆ˜λ™ 배포 방법 - -λ‘œμ»¬μ—μ„œ μˆ˜λ™ 배포λ₯Ό μˆ˜ν–‰ν•˜λ €λ©΄: - -```bash -# κΈ°λ³Έ dev ν™˜κ²½μœΌλ‘œ 배포 -./.github/scripts/deploy-actions.sh - -# νŠΉμ • ν™˜κ²½κ³Ό 이미지 νƒœκ·Έλ‘œ 배포 -./.github/scripts/deploy-actions.sh staging 20241001123000 - -# κΆŒν•œ 였λ₯˜ μ‹œ -chmod +x .github/scripts/deploy-actions.sh -``` - -## λ‘€λ°± 방법 - -### 1. GitHub Actionsλ₯Ό ν†΅ν•œ λ‘€λ°± -1. GitHub β†’ Actions β†’ μ„±κ³΅ν•œ 이전 μ›Œν¬ν”Œλ‘œμš° 선택 -2. "Re-run all jobs" 클릭 - -### 2. kubectl을 μ΄μš©ν•œ λ‘€λ°± -```bash -# 이전 λ²„μ „μœΌλ‘œ λ‘€λ°± -kubectl rollout undo deployment/{μ„œλΉ„μŠ€λͺ…} -n phonebill-dg0500 --to-revision=2 - -# λ‘€λ°± μƒνƒœ 확인 -kubectl rollout status deployment/{μ„œλΉ„μŠ€λͺ…} -n phonebill-dg0500 -``` - -### 3. 
μˆ˜λ™ 슀크립트λ₯Ό μ΄μš©ν•œ λ‘€λ°± -```bash -# 이전 μ•ˆμ • 버전 이미지 νƒœκ·Έλ‘œ 배포 -./.github/scripts/deploy-actions.sh {ν™˜κ²½} {μ΄μ „νƒœκ·Έ} -``` - -## SonarQube Quality Gate μ„€μ • - -각 μ„œλΉ„μŠ€λ³„ ν”„λ‘œμ νŠΈ 생성 ν›„ λ‹€μŒ Quality Gate μ„€μ •: - -``` -Coverage: >= 80% -Duplicated Lines: <= 3% -Maintainability Rating: <= A -Reliability Rating: <= A -Security Rating: <= A -``` - -## λͺ¨λ‹ˆν„°λ§ 및 확인 - -### 배포 μƒνƒœ 확인 -```bash -# Pod μƒνƒœ 확인 -kubectl get pods -n phonebill-dg0500 - -# μ„œλΉ„μŠ€ μƒνƒœ 확인 -kubectl get services -n phonebill-dg0500 - -# Ingress μƒνƒœ 확인 -kubectl get ingress -n phonebill-dg0500 - -# 둜그 확인 -kubectl logs -f deployment/{μ„œλΉ„μŠ€λͺ…} -n phonebill-dg0500 -``` - -### ν—¬μŠ€ 체크 -```bash -# API Gateway ν—¬μŠ€ 체크 -curl -f http://phonebill-dg0500-api.20.214.196.128.nip.io/actuator/health -``` - -## μ£Όμš” νŠΉμ§• - -1. **ν™˜κ²½λ³„ 뢄리**: dev, staging, prod ν™˜κ²½λ³„ 독립적인 μ„€μ • -2. **Kustomize μ‚¬μš©**: ν™˜κ²½λ³„ λ§€λ‹ˆνŽ˜μŠ€νŠΈ 관리 μžλ™ν™” -3. **SonarQube 톡합**: μ½”λ“œ ν’ˆμ§ˆ 뢄석 및 Quality Gate -4. **Docker μ΅œμ ν™”**: Multi-stage λΉŒλ“œ 및 Rate Limit λ°©μ§€ -5. **μžλ™ 배포**: Push/PR μ‹œ μžλ™ λΉŒλ“œ 및 배포 -6. **μˆ˜λ™ 배포**: μš΄μ˜μ§„μ΄ ν•„μš” μ‹œ μˆ˜λ™ μ‹€ν–‰ κ°€λŠ₯ -7. **λ‘€λ°± 지원**: λ‹€μ–‘ν•œ λ°©λ²•μ˜ λ‘€λ°± κΈ°λŠ₯ - -## 문제 ν•΄κ²° - -### 일반적인 였λ₯˜ - -1. **Azure 인증 μ‹€νŒ¨** - - AZURE_CREDENTIALS μ„€μ • 확인 - - Service Principal κΆŒν•œ 확인 - -2. **ACR μ ‘κ·Ό μ‹€νŒ¨** - - ACR_USERNAME, ACR_PASSWORD 확인 - - ACR κΆŒν•œ μ„€μ • 확인 - -3. **SonarQube 뢄석 μ‹€νŒ¨** - - SONAR_TOKEN, SONAR_HOST_URL 확인 - - SonarQube μ„œλ²„ μ ‘κ·Όμ„± 확인 - -4. **Kustomize 였λ₯˜** - - patch 파일 경둜 및 target 확인 - - YAML 문법 였λ₯˜ 확인 - -### μ—°λ½μ²˜ -문제 λ°œμƒ μ‹œ DevOps νŒ€μ— λ¬Έμ˜ν•˜κ±°λ‚˜ GitHub Issuesλ₯Ό 톡해 보고해 μ£Όμ„Έμš”. +3. **deploy**: Kubernetes 배포 + - AKS 인증 + - Kustomize둜 λ§€λ‹ˆνŽ˜μŠ€νŠΈ 생성 + - kubectl둜 배포 + - Health Check --- -**졜운영/데옡슀**: GitHub Actions CI/CD νŒŒμ΄ν”„λΌμΈ ꡬ좕이 μ™„λ£Œλ˜μ—ˆμŠ΅λ‹ˆλ‹€! πŸŽ‰ \ No newline at end of file +## πŸ“ 6. 
Kustomize 섀계 원칙 + +### 6.1 Base λ§€λ‹ˆνŽ˜μŠ€νŠΈ +- λͺ¨λ“  ν™˜κ²½μ—μ„œ κ³΅ν†΅μœΌλ‘œ μ‚¬μš©λ˜λŠ” λ¦¬μ†ŒμŠ€ μ •μ˜ +- λ„€μž„μŠ€νŽ˜μ΄μŠ€ ν•˜λ“œμ½”λ”© **제거** (Overlayμ—μ„œ μ§€μ •) +- 이미지 νƒœκ·ΈλŠ” `latest`둜 κΈ°λ³Έκ°’ μ„€μ • + +### 6.2 Overlay Patch 원칙 + +**⚠️ μ€‘μš” 원칙:** +1. **Base에 μ—†λŠ” ν•­λͺ© μΆ”κ°€ κΈˆμ§€**: PatchλŠ” κΈ°μ‘΄ ν•­λͺ©λ§Œ μˆ˜μ • +2. **Base와 ν•­λͺ© 일치 ν•„μˆ˜**: ꡬ쑰가 μ •ν™•νžˆ μΌμΉ˜ν•΄μ•Ό 함 +3. **Secret은 `stringData` μ‚¬μš©**: `data`(base64) λŒ€μ‹  평문 μ‚¬μš© +4. **Patch 방법**: `patches` + `target` λͺ…μ‹œ (deprecated `patchesStrategicMerge` μ‚¬μš© μ•ˆν•¨) + +### 6.3 ν™˜κ²½λ³„ 차이 + +| ν•­λͺ© | dev | staging | prod | +|------|-----|---------|------| +| **Replicas** | 1 | 2 | 3 | +| **CPU Request** | 256m | 512m | 1024m | +| **Memory Request** | 256Mi | 512Mi | 1024Mi | +| **CPU Limit** | 1024m | 2048m | 4096m | +| **Memory Limit** | 1024Mi | 2048Mi | 4096Mi | +| **DDL Auto** | update | validate | validate | +| **JWT Expiration** | 3600000 (1h) | 3600000 (1h) | 1800000 (30m) | +| **Ingress HTTPS** | false | true | true | +| **Profile** | dev | staging | prod | + +--- + +## πŸ”„ 7. 배포 ν”Œλ‘œμš° + +### 7.1 μžλ™ 배포 (Push/PR) + +```bash +# main λ˜λŠ” develop λΈŒλžœμΉ˜μ— Push +git add . +git commit -m "feat: μƒˆλ‘œμš΄ κΈ°λŠ₯ μΆ”κ°€" +git push origin main + +# GitHub Actions μžλ™ μ‹€ν–‰ +# 1. Build & Test (SKIP_SONARQUBE=true) +# 2. Docker Build & Push (dev-{timestamp} νƒœκ·Έ) +# 3. Deploy to dev environment +``` + +### 7.2 μˆ˜λ™ 배포 (GitHub UI) + +1. GitHub Repository > **Actions** νƒ­ +2. **Backend Services CI/CD** μ›Œν¬ν”Œλ‘œμš° 선택 +3. **Run workflow** λ²„νŠΌ 클릭 +4. μ˜΅μ…˜ 선택: + - **Environment**: `dev` / `staging` / `prod` + - **Skip SonarQube Analysis**: `true` / `false` +5. 
**Run workflow** μ‹€ν–‰ + +### 7.3 둜컬 μˆ˜λ™ 배포 (CLI) + +```bash +# 배포 슀크립트 μ‹€ν–‰ +cd /path/to/phonebill +.github/scripts/deploy-actions.sh {ν™˜κ²½} {μ΄λ―Έμ§€νƒœκ·Έ} + +# μ˜ˆμ‹œ: dev ν™˜κ²½μ— 20250101120000 νƒœκ·Έ 배포 +.github/scripts/deploy-actions.sh dev 20250101120000 + +# μ˜ˆμ‹œ: prod ν™˜κ²½μ— latest 배포 +.github/scripts/deploy-actions.sh prod latest +``` + +--- + +## πŸ”™ 8. λ‘€λ°± 방법 + +### 8.1 GitHub Actions둜 λ‘€λ°± + +1. GitHub Repository > **Actions** νƒ­ +2. **μ„±κ³΅ν•œ 이전 μ›Œν¬ν”Œλ‘œμš°** 선택 +3. **Re-run all jobs** λ²„νŠΌ 클릭 + +### 8.2 kubectl둜 λ‘€λ°± + +```bash +# 이전 λ²„μ „μœΌλ‘œ μ¦‰μ‹œ λ‘€λ°± +kubectl rollout undo deployment/dev-user-service -n phonebill-dg0500 + +# νŠΉμ • λ¦¬λΉ„μ „μœΌλ‘œ λ‘€λ°± +kubectl rollout history deployment/dev-user-service -n phonebill-dg0500 +kubectl rollout undo deployment/dev-user-service -n phonebill-dg0500 --to-revision=2 + +# λ‘€λ°± μƒνƒœ 확인 +kubectl rollout status deployment/dev-user-service -n phonebill-dg0500 +``` + +### 8.3 μˆ˜λ™ 슀크립트둜 λ‘€λ°± + +```bash +# μ•ˆμ •μ μΈ 이전 이미지 νƒœκ·Έλ‘œ 재배포 +.github/scripts/deploy-actions.sh dev 20241231235959 +``` + +--- + +## πŸ§ͺ 9. SonarQube μ„€μ • + +### 9.1 Quality Gate κΈ°μ€€ + +| μ§€ν‘œ | μž„κ³„κ°’ | +|------|--------| +| **Coverage** | β‰₯ 80% | +| **Duplicated Lines** | ≀ 3% | +| **Maintainability Rating** | ≀ A | +| **Reliability Rating** | ≀ A | +| **Security Rating** | ≀ A | + +### 9.2 ν”„λ‘œμ νŠΈ 생성 + +각 μ„œλΉ„μŠ€λ³„λ‘œ ν™˜κ²½λ³„ ν”„λ‘œμ νŠΈ 생성: +- `phonebill-api-gateway-dev` +- `phonebill-user-service-dev` +- `phonebill-bill-service-dev` +- `phonebill-product-service-dev` +- `phonebill-kos-mock-dev` +- `phonebill-api-gateway-staging` +- ... +- `phonebill-api-gateway-prod` +- ... 
+ +### 9.3 뢄석 μ‹€ν–‰ + +```bash +# λͺ¨λ“  μ„œλΉ„μŠ€ 뢄석 (둜컬 ν…ŒμŠ€νŠΈ) +./gradlew test jacocoTestReport sonar \ + -Dsonar.projectKey=phonebill-user-service-dev \ + -Dsonar.projectName=phonebill-user-service-dev \ + -Dsonar.host.url=http://20.249.187.69 \ + -Dsonar.token={YOUR_TOKEN} +``` + +--- + +## βœ… 10. 체크리슀트 + +### 10.1 사전 μ€€λΉ„ +- [ ] Azure Service Principal 생성 μ™„λ£Œ +- [ ] ACR Credentials 확인 μ™„λ£Œ +- [ ] SonarQube 토큰 생성 μ™„λ£Œ +- [ ] Docker Hub 토큰 생성 μ™„λ£Œ +- [ ] GitHub Repository Secrets 등둝 μ™„λ£Œ +- [ ] GitHub Repository Variables 등둝 μ™„λ£Œ + +### 10.2 Kustomize Base +- [ ] `.github/kustomize/base/` 디렉토리 생성 +- [ ] κΈ°μ‘΄ `deployment/k8s/` 파일 볡사 μ™„λ£Œ +- [ ] λ„€μž„μŠ€νŽ˜μ΄μŠ€ ν•˜λ“œμ½”λ”© 제거 μ™„λ£Œ +- [ ] `base/kustomization.yaml` 생성 μ™„λ£Œ +- [ ] `kubectl kustomize .github/kustomize/base/` 정상 μ‹€ν–‰ 확인 + +### 10.3 Kustomize Overlay (dev) +- [ ] `.github/kustomize/overlays/dev/kustomization.yaml` 생성 +- [ ] `cm-common-patch.yaml` 생성 (dev ν”„λ‘œνŒŒμΌ) +- [ ] `secret-common-patch.yaml` 생성 +- [ ] `ingress-patch.yaml` 생성 (base와 동일 host) +- [ ] 각 μ„œλΉ„μŠ€λ³„ `deployment-{service}-patch.yaml` 생성 (replicas=1, resources) +- [ ] 각 μ„œλΉ„μŠ€λ³„ `secret-{service}-patch.yaml` 생성 (ν•„μš”μ‹œ) +- [ ] `kubectl kustomize .github/kustomize/overlays/dev/` 정상 μ‹€ν–‰ 확인 + +### 10.4 Kustomize Overlay (staging/prod) +- [ ] staging ν™˜κ²½ λͺ¨λ“  파일 생성 (replicas=2, HTTPS) +- [ ] prod ν™˜κ²½ λͺ¨λ“  파일 생성 (replicas=3, HTTPS, 짧은 JWT) +- [ ] `kubectl kustomize .github/kustomize/overlays/{env}/` 정상 μ‹€ν–‰ 확인 + +### 10.5 GitHub Actions +- [ ] `.github/workflows/backend-cicd.yaml` 생성 +- [ ] JDK 버전 확인 (`java-version: '21'`) +- [ ] λͺ¨λ“  μ„œλΉ„μŠ€λͺ… μΉ˜ν™˜ 확인 +- [ ] SKIP_SONARQUBE 쑰건뢀 처리 확인 +- [ ] μ›Œν¬ν”Œλ‘œμš° 문법 검증 (GitHubμ—μ„œ μžλ™ 검증) + +### 10.6 ν™˜κ²½ μ„€μ • 및 슀크립트 +- [ ] `.github/config/deploy_env_vars_dev` 생성 +- [ ] `.github/config/deploy_env_vars_staging` 생성 +- [ ] `.github/config/deploy_env_vars_prod` 생성 +- [ ] `.github/scripts/deploy-actions.sh` 생성 +- [ ] 슀크립트 
μ‹€ν–‰ κΆŒν•œ μ„€μ • (`chmod +x`) + +### 10.7 배포 ν…ŒμŠ€νŠΈ +- [ ] GitHub Actions μˆ˜λ™ μ‹€ν–‰ ν…ŒμŠ€νŠΈ (dev) +- [ ] 배포 성곡 확인 (`kubectl get pods`) +- [ ] Health Check 확인 (`/actuator/health`) +- [ ] λ‘€λ°± ν…ŒμŠ€νŠΈ μˆ˜ν–‰ +- [ ] SonarQube 뢄석 ν…ŒμŠ€νŠΈ (SKIP=false) + +--- + +## πŸ“š 11. μ°Έκ³  자료 + +### 11.1 λ¬Έμ„œ +- [Kustomize 곡식 λ¬Έμ„œ](https://kustomize.io/) +- [GitHub Actions λ¬Έμ„œ](https://docs.github.com/en/actions) +- [SonarQube λ¬Έμ„œ](https://docs.sonarqube.org/) +- [Azure CLI λ¬Έμ„œ](https://docs.microsoft.com/en-us/cli/azure/) + +### 11.2 μ£Όμš” λͺ…λ Ήμ–΄ + +```bash +# Kustomize λΉŒλ“œ 확인 +kubectl kustomize .github/kustomize/overlays/dev/ + +# 배포 μƒνƒœ 확인 +kubectl get pods -n phonebill-dg0500 +kubectl get deployments -n phonebill-dg0500 +kubectl get services -n phonebill-dg0500 +kubectl get ingress -n phonebill-dg0500 + +# 둜그 확인 +kubectl logs -n phonebill-dg0500 deployment/dev-user-service + +# Rollout νžˆμŠ€ν† λ¦¬ 확인 +kubectl rollout history deployment/dev-user-service -n phonebill-dg0500 +``` + +--- + +## πŸ†˜ 12. 
νŠΈλŸ¬λΈ”μŠˆνŒ… + +### 12.1 이미지 Pull μ‹€νŒ¨ +**증상**: `ImagePullBackOff` μ—λŸ¬ +**원인**: ACR 인증 μ‹€νŒ¨ +**ν•΄κ²°**: +```bash +# Secret 확인 +kubectl get secret secret-imagepull -n phonebill-dg0500 -o yaml + +# Secret μž¬μƒμ„± +kubectl create secret docker-registry secret-imagepull \ + --docker-server=acrdigitalgarage01.azurecr.io \ + --docker-username={ACR_USERNAME} \ + --docker-password={ACR_PASSWORD} \ + -n phonebill-dg0500 --dry-run=client -o yaml | kubectl apply -f - +``` + +### 12.2 Kustomize λΉŒλ“œ μ‹€νŒ¨ +**증상**: `Error: accumulating resources` μ—λŸ¬ +**원인**: YAML 문법 였λ₯˜ λ˜λŠ” 파일 경둜 였λ₯˜ +**ν•΄κ²°**: +```bash +# 문법 검증 +kubectl kustomize .github/kustomize/overlays/dev/ --enable-helm + +# 파일 쑴재 μ—¬λΆ€ 확인 +ls -la .github/kustomize/base/ +ls -la .github/kustomize/overlays/dev/ +``` + +### 12.3 SonarQube Quality Gate μ‹€νŒ¨ +**증상**: Quality Gate 톡과 μ‹€νŒ¨ +**원인**: Coverage λΆ€μ‘±, μ½”λ“œ ν’ˆμ§ˆ 이슈 +**ν•΄κ²°**: +```bash +# λ‘œμ»¬μ—μ„œ ν…ŒμŠ€νŠΈ 컀버리지 확인 +./gradlew :user-service:test :user-service:jacocoTestReport + +# 리포트 확인 +open user-service/build/reports/jacoco/test/html/index.html +``` + +--- + +## 🎯 13. λ‹€μŒ 단계 + +1. **λͺ¨λ‹ˆν„°λ§ μΆ”κ°€**: Prometheus + Grafana 연동 +2. **μ•Œλ¦Ό μ„€μ •**: Slack/Teams μ•Œλ¦Ό 연동 +3. **λ³΄μ•ˆ κ°•ν™”**: Trivy 이미지 μŠ€μΊ” μΆ”κ°€ +4. **μ„±λŠ₯ ν…ŒμŠ€νŠΈ**: JMeter/Gatling 연동 +5. **Blue/Green 배포**: 무쀑단 배포 μ „λž΅ κ΅¬ν˜„ + +--- + +**μž‘μ„±μΌ**: 2025-01-01 +**μž‘μ„±μž**: DevOps Team +**버전**: 1.0.0 diff --git a/.github/config/deploy_env_vars_dev b/.github/config/deploy_env_vars_dev index 5a49197..be1fb9a 100644 --- a/.github/config/deploy_env_vars_dev +++ b/.github/config/deploy_env_vars_dev @@ -1,3 +1,3 @@ # dev Environment Configuration resource_group=rg-digitalgarage-01 -cluster_name=aks-digitalgarage-01 \ No newline at end of file +cluster_name=aks-digitalgarage-01 diff --git a/.github/config/deploy_env_vars_prod b/.github/config/deploy_env_vars_prod index 53ee4a0..7c369e0 100644 --- a/.github/config/deploy_env_vars_prod 
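Review bot: The Service Principal example in section 2.1 of actions-pipeline-guide.md (repeated under `AZURE_CREDENTIALS` in 3.1) now shows concrete-looking `clientId`, `clientSecret`, `subscriptionId` and `tenantId` values where the removed version used `{...}` placeholders. If any of them came from a real `az ad sp create-for-rbac` run, the secret should be treated as exposed: rotate it and put placeholders back, e.g. `"clientSecret": "<CLIENT_SECRET>"`. Sections 2.2, 3.1 and 9.3 also pin a specific SonarQube address over plain `http://`, so `SONAR_TOKEN` would presumably be sent unencrypted; an HTTPS endpoint or a `{SONAR_HOST_URL}` placeholder would be safer in the guide. The dev overlay patches later in this patch (`secret-common-patch.yaml`, `secret-product-service-patch.yaml`, `secret-user-service-patch.yaml`) likewise carry literal `JWT_SECRET`, `REDIS_PASSWORD` and `DB_PASSWORD` values in their context lines, which belong in repository secrets or an external secret store rather than in git.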
+++ b/.github/config/deploy_env_vars_prod @@ -1,3 +1,3 @@ # prod Environment Configuration resource_group=rg-digitalgarage-01 -cluster_name=aks-digitalgarage-01 \ No newline at end of file +cluster_name=aks-digitalgarage-01 diff --git a/.github/config/deploy_env_vars_staging b/.github/config/deploy_env_vars_staging index 5873b90..d01464c 100644 --- a/.github/config/deploy_env_vars_staging +++ b/.github/config/deploy_env_vars_staging @@ -1,3 +1,3 @@ # staging Environment Configuration resource_group=rg-digitalgarage-01 -cluster_name=aks-digitalgarage-01 \ No newline at end of file +cluster_name=aks-digitalgarage-01 diff --git a/.github/kustomize/base/kustomization.yaml b/.github/kustomize/base/kustomization.yaml index 28ac4cb..2c9ed50 100644 --- a/.github/kustomize/base/kustomization.yaml +++ b/.github/kustomize/base/kustomization.yaml @@ -34,7 +34,7 @@ resources: - product-service/cm-product-service.yaml - product-service/secret-product-service.yaml - # KOS Mock Service + # KOS Mock - kos-mock/deployment.yaml - kos-mock/service.yaml - kos-mock/cm-kos-mock.yaml @@ -49,4 +49,4 @@ images: - name: acrdigitalgarage01.azurecr.io/phonebill/product-service newTag: latest - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock - newTag: latest \ No newline at end of file + newTag: latest diff --git a/.github/kustomize/overlays/dev/cm-common-patch.yaml b/.github/kustomize/overlays/dev/cm-common-patch.yaml index e2a7a88..5c670fa 100644 --- a/.github/kustomize/overlays/dev/cm-common-patch.yaml +++ b/.github/kustomize/overlays/dev/cm-common-patch.yaml 
@@ -3,9 +3,9 @@ kind: ConfigMap metadata: name: cm-common data: - CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dg0500-api.20.214.196.128.nip.io" - JWT_ACCESS_TOKEN_VALIDITY: "18000000" + CORS_ALLOWED_ORIGINS: "http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://phonebill-dg0500.20.214.196.128.nip.io" + JWT_ACCESS_TOKEN_VALIDITY: "3600000" JWT_REFRESH_TOKEN_VALIDITY: "86400000" REDIS_PORT: "6379" SPRING_PROFILES_ACTIVE: "dev" - DDL_AUTO: "update" \ No newline at end of file + DDL_AUTO: "update" diff --git a/.github/kustomize/overlays/dev/deployment-api-gateway-patch.yaml b/.github/kustomize/overlays/dev/deployment-api-gateway-patch.yaml index a0bdaec..625f988 100644 --- a/.github/kustomize/overlays/dev/deployment-api-gateway-patch.yaml +++ b/.github/kustomize/overlays/dev/deployment-api-gateway-patch.yaml @@ -14,4 +14,4 @@ spec: cpu: "256m" limits: memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + cpu: "1024m" diff --git a/.github/kustomize/overlays/dev/deployment-bill-service-patch.yaml b/.github/kustomize/overlays/dev/deployment-bill-service-patch.yaml index bde12ae..1500e38 100644 --- a/.github/kustomize/overlays/dev/deployment-bill-service-patch.yaml +++ b/.github/kustomize/overlays/dev/deployment-bill-service-patch.yaml @@ -14,4 +14,4 @@ spec: cpu: "256m" limits: memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + cpu: "1024m" diff --git a/.github/kustomize/overlays/dev/deployment-kos-mock-patch.yaml b/.github/kustomize/overlays/dev/deployment-kos-mock-patch.yaml index ab3676b..48b5e3e 100644 --- a/.github/kustomize/overlays/dev/deployment-kos-mock-patch.yaml +++ b/.github/kustomize/overlays/dev/deployment-kos-mock-patch.yaml @@ -14,4 +14,4 @@ spec: cpu: "256m" limits: memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + cpu: "1024m" 
diff --git a/.github/kustomize/overlays/dev/deployment-product-service-patch.yaml b/.github/kustomize/overlays/dev/deployment-product-service-patch.yaml index ed481ca..8fc754a 100644 --- a/.github/kustomize/overlays/dev/deployment-product-service-patch.yaml +++ b/.github/kustomize/overlays/dev/deployment-product-service-patch.yaml @@ -14,4 +14,4 @@ spec: cpu: "256m" limits: memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + cpu: "1024m" diff --git a/.github/kustomize/overlays/dev/deployment-user-service-patch.yaml b/.github/kustomize/overlays/dev/deployment-user-service-patch.yaml index 611c4e3..f1fb30e 100644 --- a/.github/kustomize/overlays/dev/deployment-user-service-patch.yaml +++ b/.github/kustomize/overlays/dev/deployment-user-service-patch.yaml @@ -14,4 +14,4 @@ spec: cpu: "256m" limits: memory: "1024Mi" - cpu: "1024m" \ No newline at end of file + cpu: "1024m" diff --git a/.github/kustomize/overlays/dev/ingress-patch.yaml b/.github/kustomize/overlays/dev/ingress-patch.yaml index 8fb360e..2ab0ccd 100644 --- a/.github/kustomize/overlays/dev/ingress-patch.yaml +++ b/.github/kustomize/overlays/dev/ingress-patch.yaml @@ -45,4 +45,4 @@ spec: service: name: kos-mock port: - number: 80 \ No newline at end of file + number: 80 diff --git a/.github/kustomize/overlays/dev/kustomization.yaml b/.github/kustomize/overlays/dev/kustomization.yaml index 0723c59..1ee94f6 100644 --- a/.github/kustomize/overlays/dev/kustomization.yaml +++ b/.github/kustomize/overlays/dev/kustomization.yaml 
@@ -7,51 +7,62 @@ resources: - ../../base patches: + # Common patches - path: cm-common-patch.yaml target: kind: ConfigMap name: cm-common - - path: deployment-api-gateway-patch.yaml - target: - kind: Deployment - name: api-gateway - - path: deployment-user-service-patch.yaml - target: - kind: Deployment - name: user-service - - path: deployment-bill-service-patch.yaml - target: - kind: Deployment - name: bill-service - - path: deployment-product-service-patch.yaml - target: - kind: Deployment - name: product-service - - path: deployment-kos-mock-patch.yaml - target: - kind: Deployment - name: kos-mock - - path: ingress-patch.yaml - target: - kind: Ingress - name: phonebill - path: secret-common-patch.yaml target: kind: Secret name: secret-common + - path: ingress-patch.yaml + target: + kind: Ingress + name: phonebill + + # API Gateway patches + - path: deployment-api-gateway-patch.yaml + target: + kind: Deployment + name: api-gateway + + # User Service patches + - path: deployment-user-service-patch.yaml + target: + kind: Deployment + name: user-service - path: secret-user-service-patch.yaml target: kind: Secret name: secret-user-service + + # Bill Service patches + - path: deployment-bill-service-patch.yaml + target: + kind: Deployment + name: bill-service - path: secret-bill-service-patch.yaml target: kind: Secret name: secret-bill-service + + # Product Service patches + - path: deployment-product-service-patch.yaml + target: + kind: Deployment + name: product-service - path: secret-product-service-patch.yaml target: kind: Secret name: secret-product-service + # KOS Mock patches + - path: deployment-kos-mock-patch.yaml + target: + kind: Deployment + name: kos-mock + images: - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway newTag: dev-latest 
@@ -62,4 +73,4 @@ images: - name: acrdigitalgarage01.azurecr.io/phonebill/product-service newTag: dev-latest - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock - newTag: dev-latest \ No newline at end of file + newTag: dev-latest diff --git a/.github/kustomize/overlays/dev/secret-common-patch.yaml b/.github/kustomize/overlays/dev/secret-common-patch.yaml index 53795ab..e81141b 100644 --- a/.github/kustomize/overlays/dev/secret-common-patch.yaml +++ b/.github/kustomize/overlays/dev/secret-common-patch.yaml @@ -6,4 +6,4 @@ type: Opaque stringData: JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" REDIS_HOST: "redis-cache-dev-master" - REDIS_PASSWORD: "Redis2025Dev@" \ No newline at end of file + REDIS_PASSWORD: "Redis2025Dev@" diff --git a/.github/kustomize/overlays/dev/secret-product-service-patch.yaml b/.github/kustomize/overlays/dev/secret-product-service-patch.yaml index e773ec9..a607e53 100644 --- a/.github/kustomize/overlays/dev/secret-product-service-patch.yaml +++ b/.github/kustomize/overlays/dev/secret-product-service-patch.yaml @@ -7,4 +7,4 @@ stringData: DB_HOST: "product-change-postgres-dev-postgresql" DB_NAME: "product_change_db" DB_USERNAME: "product_change_user" - DB_PASSWORD: "ProductUser2025@" \ No newline at end of file + DB_PASSWORD: "ProductUser2025@" diff --git a/.github/kustomize/overlays/dev/secret-user-service-patch.yaml b/.github/kustomize/overlays/dev/secret-user-service-patch.yaml index 8424423..fc49850 100644 --- a/.github/kustomize/overlays/dev/secret-user-service-patch.yaml +++ b/.github/kustomize/overlays/dev/secret-user-service-patch.yaml @@ -7,4 +7,4 @@ stringData: DB_HOST: "auth-postgres-dev-postgresql" DB_NAME: "phonebill_auth" DB_USERNAME: "auth_user" - DB_PASSWORD: "AuthUser2025@" \ No newline at end of file + DB_PASSWORD: "AuthUser2025@" 
diff --git a/.github/kustomize/overlays/prod/cm-common-patch.yaml b/.github/kustomize/overlays/prod/cm-common-patch.yaml index 9888684..204fc8f 100644 --- a/.github/kustomize/overlays/prod/cm-common-patch.yaml +++ b/.github/kustomize/overlays/prod/cm-common-patch.yaml @@ -3,9 +3,9 @@ kind: ConfigMap metadata: name: cm-common data: - CORS_ALLOWED_ORIGINS: "https://phonebill.digitalgarage.com,https://phonebill-prod.digitalgarage.com" - JWT_ACCESS_TOKEN_VALIDITY: "3600000" - JWT_REFRESH_TOKEN_VALIDITY: "43200000" + CORS_ALLOWED_ORIGINS: "https://phonebill.example.com" + JWT_ACCESS_TOKEN_VALIDITY: "1800000" + JWT_REFRESH_TOKEN_VALIDITY: "86400000" REDIS_PORT: "6379" SPRING_PROFILES_ACTIVE: "prod" - DDL_AUTO: "validate" \ No newline at end of file + DDL_AUTO: "validate" diff --git a/.github/kustomize/overlays/prod/ingress-patch.yaml b/.github/kustomize/overlays/prod/ingress-patch.yaml index bad44da..0568be8 100644 --- a/.github/kustomize/overlays/prod/ingress-patch.yaml +++ b/.github/kustomize/overlays/prod/ingress-patch.yaml @@ -10,10 +10,10 @@ spec: ingressClassName: nginx tls: - hosts: - - phonebill.digitalgarage.com + - phonebill.example.com secretName: phonebill-prod-tls rules: - - host: phonebill.digitalgarage.com + - host: phonebill.example.com http: paths: - path: /api/v1/auth @@ -50,4 +50,4 @@ spec: service: name: kos-mock port: - number: 80 \ No newline at end of file + number: 80 diff --git a/.github/kustomize/overlays/prod/kustomization.yaml b/.github/kustomize/overlays/prod/kustomization.yaml index 2cafbfe..e57c042 100644 --- a/.github/kustomize/overlays/prod/kustomization.yaml +++ b/.github/kustomize/overlays/prod/kustomization.yaml 
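Review bot: `CORS_ALLOWED_ORIGINS: "https://phonebill.example.com"` puts a reserved documentation domain into the prod overlay, and the ingress-patch.yaml hunk that follows sets the same name in `tls.hosts` and `rules.host` while keeping `secretName: phonebill-prod-tls`. If the overlay is applied as committed, requests from the real origin would fail CORS and the certificate in that secret presumably would not match the host; the staging overlay follows the same pattern with `phonebill-staging.example.com`. If the value is a placeholder substituted at deploy time, say so beside it, for example `# placeholder: replaced with the real prod hostname at deploy time`, and have the pipeline fail when the placeholder is still present. This hunk also raises `JWT_REFRESH_TOKEN_VALIDITY` from 43200000 to 86400000 in prod, which is worth confirming as intended because it lengthens the period in which a leaked refresh token stays usable.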
@@ -7,51 +7,62 @@ resources: - ../../base patches: + # Common patches - path: cm-common-patch.yaml target: kind: ConfigMap name: cm-common - - path: deployment-api-gateway-patch.yaml - target: - kind: Deployment - name: api-gateway - - path: deployment-user-service-patch.yaml - target: - kind: Deployment - name: user-service - - path: deployment-bill-service-patch.yaml - target: - kind: Deployment - name: bill-service - - path: deployment-product-service-patch.yaml - target: - kind: Deployment - name: product-service - - path: deployment-kos-mock-patch.yaml - target: - kind: Deployment - name: kos-mock - - path: ingress-patch.yaml - target: - kind: Ingress - name: phonebill - path: secret-common-patch.yaml target: kind: Secret name: secret-common + - path: ingress-patch.yaml + target: + kind: Ingress + name: phonebill + + # API Gateway patches + - path: deployment-api-gateway-patch.yaml + target: + kind: Deployment + name: api-gateway + + # User Service patches + - path: deployment-user-service-patch.yaml + target: + kind: Deployment + name: user-service - path: secret-user-service-patch.yaml target: kind: Secret name: secret-user-service + + # Bill Service patches + - path: deployment-bill-service-patch.yaml + target: + kind: Deployment + name: bill-service - path: secret-bill-service-patch.yaml target: kind: Secret name: secret-bill-service + + # Product Service patches + - path: deployment-product-service-patch.yaml + target: + kind: Deployment + name: product-service - path: secret-product-service-patch.yaml target: kind: Secret name: secret-product-service + # KOS Mock patches + - path: deployment-kos-mock-patch.yaml + target: + kind: Deployment + name: kos-mock + images: - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway newTag: prod-latest 
@@ -62,4 +73,4 @@ images: - name: acrdigitalgarage01.azurecr.io/phonebill/product-service newTag: prod-latest - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock - newTag: prod-latest \ No newline at end of file + newTag: prod-latest diff --git a/.github/kustomize/overlays/prod/secret-bill-service-patch.yaml b/.github/kustomize/overlays/prod/secret-bill-service-patch.yaml index caaa7cf..d763c43 100644 --- a/.github/kustomize/overlays/prod/secret-bill-service-patch.yaml +++ b/.github/kustomize/overlays/prod/secret-bill-service-patch.yaml @@ -4,7 +4,7 @@ metadata: name: secret-bill-service type: Opaque stringData: - DB_HOST: "bill-inquiry-postgres-dev-postgresql" + DB_HOST: "bill-inquiry-postgres-prod-postgresql" DB_NAME: "bill_inquiry_db" DB_USERNAME: "bill_inquiry_user" - DB_PASSWORD: "BillUser2025@" + DB_PASSWORD: "BillUserProd2025@" diff --git a/.github/kustomize/overlays/prod/secret-common-patch.yaml b/.github/kustomize/overlays/prod/secret-common-patch.yaml index 53795ab..9ee4e78 100644 --- a/.github/kustomize/overlays/prod/secret-common-patch.yaml +++ b/.github/kustomize/overlays/prod/secret-common-patch.yaml @@ -5,5 +5,5 @@ metadata: type: Opaque stringData: JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" - REDIS_HOST: "redis-cache-dev-master" - REDIS_PASSWORD: "Redis2025Dev@" \ No newline at end of file + REDIS_HOST: "redis-cache-prod-master" + REDIS_PASSWORD: "Redis2025Prod@" diff --git a/.github/kustomize/overlays/prod/secret-product-service-patch.yaml b/.github/kustomize/overlays/prod/secret-product-service-patch.yaml index e773ec9..f2fb05f 100644 --- a/.github/kustomize/overlays/prod/secret-product-service-patch.yaml +++ b/.github/kustomize/overlays/prod/secret-product-service-patch.yaml 
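Review bot: The new prod `DB_PASSWORD` in secret-bill-service-patch.yaml is committed in clear text under `stringData`, so anyone with read access to the repository or its history holds the production database credential. The same applies to the prod secret-common-patch.yaml hunk on this line (`REDIS_PASSWORD`, `JWT_SECRET`) and to the secret-product-service, secret-user-service and staging secret hunks later in the patch. Keep only the key names in the overlays and supply the values at deploy time from the CI secret store or a cluster-side mechanism such as sealed or external secrets, and rotate every value already pushed, since a later commit does not remove it from history. The values also follow a guessable pattern (service name, environment, year), so the rotated ones should be randomly generated.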
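Review bot: `JWT_SECRET` in the prod secret-common-patch.yaml hunk stays an unchanged context line while `REDIS_HOST` and `REDIS_PASSWORD` become prod-specific, and its value is identical to the one in the dev and staging secret-common-patch.yaml sections of this patch. If the services verify tokens with this key alone, a token issued in dev or staging would presumably be accepted in prod. Each environment should get its own randomly generated signing key, injected at deploy time rather than stored in the overlay.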
@@ -4,7 +4,7 @@ metadata: name: secret-product-service type: Opaque stringData: - DB_HOST: "product-change-postgres-dev-postgresql" + DB_HOST: "product-change-postgres-prod-postgresql" DB_NAME: "product_change_db" DB_USERNAME: "product_change_user" - DB_PASSWORD: "ProductUser2025@" \ No newline at end of file + DB_PASSWORD: "ProductUserProd2025@" diff --git a/.github/kustomize/overlays/prod/secret-user-service-patch.yaml b/.github/kustomize/overlays/prod/secret-user-service-patch.yaml index 8424423..d3ab2fc 100644 --- a/.github/kustomize/overlays/prod/secret-user-service-patch.yaml +++ b/.github/kustomize/overlays/prod/secret-user-service-patch.yaml @@ -4,7 +4,7 @@ metadata: name: secret-user-service type: Opaque stringData: - DB_HOST: "auth-postgres-dev-postgresql" + DB_HOST: "auth-postgres-prod-postgresql" DB_NAME: "phonebill_auth" DB_USERNAME: "auth_user" - DB_PASSWORD: "AuthUser2025@" \ No newline at end of file + DB_PASSWORD: "AuthUserProd2025@" diff --git a/.github/kustomize/overlays/staging/cm-common-patch.yaml b/.github/kustomize/overlays/staging/cm-common-patch.yaml index 335a19e..8a41fda 100644 --- a/.github/kustomize/overlays/staging/cm-common-patch.yaml +++ b/.github/kustomize/overlays/staging/cm-common-patch.yaml @@ -3,9 +3,9 @@ kind: ConfigMap metadata: name: cm-common data: - CORS_ALLOWED_ORIGINS: "https://phonebill.staging.digitalgarage.com,https://phonebill-staging.digitalgarage.com" - JWT_ACCESS_TOKEN_VALIDITY: "18000000" + CORS_ALLOWED_ORIGINS: "https://phonebill-staging.example.com" + JWT_ACCESS_TOKEN_VALIDITY: "3600000" JWT_REFRESH_TOKEN_VALIDITY: "86400000" REDIS_PORT: "6379" SPRING_PROFILES_ACTIVE: "staging" - DDL_AUTO: "validate" \ No newline at end of file + DDL_AUTO: "validate" diff --git a/.github/kustomize/overlays/staging/ingress-patch.yaml b/.github/kustomize/overlays/staging/ingress-patch.yaml index 4487e4f..a5fdb32 100644 --- a/.github/kustomize/overlays/staging/ingress-patch.yaml 
+++ b/.github/kustomize/overlays/staging/ingress-patch.yaml @@ -10,10 +10,10 @@ spec: ingressClassName: nginx tls: - hosts: - - phonebill-staging.digitalgarage.com + - phonebill-staging.example.com secretName: phonebill-staging-tls rules: - - host: phonebill-staging.digitalgarage.com + - host: phonebill-staging.example.com http: paths: - path: /api/v1/auth @@ -50,4 +50,4 @@ spec: service: name: kos-mock port: - number: 80 \ No newline at end of file + number: 80 diff --git a/.github/kustomize/overlays/staging/kustomization.yaml b/.github/kustomize/overlays/staging/kustomization.yaml index 7dad525..f6ab6ae 100644 --- a/.github/kustomize/overlays/staging/kustomization.yaml +++ b/.github/kustomize/overlays/staging/kustomization.yaml 
@@ -7,51 +7,62 @@ resources: - ../../base patches: + # Common patches - path: cm-common-patch.yaml target: kind: ConfigMap name: cm-common - - path: deployment-api-gateway-patch.yaml - target: - kind: Deployment - name: api-gateway - - path: deployment-user-service-patch.yaml - target: - kind: Deployment - name: user-service - - path: deployment-bill-service-patch.yaml - target: - kind: Deployment - name: bill-service - - path: deployment-product-service-patch.yaml - target: - kind: Deployment - name: product-service - - path: deployment-kos-mock-patch.yaml - target: - kind: Deployment - name: kos-mock - - path: ingress-patch.yaml - target: - kind: Ingress - name: phonebill - path: secret-common-patch.yaml target: kind: Secret name: secret-common + - path: ingress-patch.yaml + target: + kind: Ingress + name: phonebill + + # API Gateway patches + - path: deployment-api-gateway-patch.yaml + target: + kind: Deployment + name: api-gateway + + # User Service patches + - path: deployment-user-service-patch.yaml + target: + kind: Deployment + name: user-service - path: secret-user-service-patch.yaml target: kind: Secret name: secret-user-service + + # Bill Service patches + - path: deployment-bill-service-patch.yaml + target: + kind: Deployment + name: bill-service - path: secret-bill-service-patch.yaml target: kind: Secret name: secret-bill-service + + # Product Service patches + - path: deployment-product-service-patch.yaml + target: + kind: Deployment + name: product-service - path: secret-product-service-patch.yaml target: kind: Secret name: secret-product-service + # KOS Mock patches + - path: deployment-kos-mock-patch.yaml + target: + kind: Deployment + name: kos-mock + images: - name: acrdigitalgarage01.azurecr.io/phonebill/api-gateway newTag: staging-latest 
@@ -62,4 +73,4 @@ images: - name: acrdigitalgarage01.azurecr.io/phonebill/product-service newTag: staging-latest - name: acrdigitalgarage01.azurecr.io/phonebill/kos-mock - newTag: staging-latest \ No newline at end of file + newTag: staging-latest diff --git a/.github/kustomize/overlays/staging/secret-bill-service-patch.yaml b/.github/kustomize/overlays/staging/secret-bill-service-patch.yaml index caaa7cf..00dca75 100644 --- a/.github/kustomize/overlays/staging/secret-bill-service-patch.yaml +++ b/.github/kustomize/overlays/staging/secret-bill-service-patch.yaml @@ -4,7 +4,7 @@ metadata: name: secret-bill-service type: Opaque stringData: - DB_HOST: "bill-inquiry-postgres-dev-postgresql" + DB_HOST: "bill-inquiry-postgres-staging-postgresql" DB_NAME: "bill_inquiry_db" DB_USERNAME: "bill_inquiry_user" - DB_PASSWORD: "BillUser2025@" + DB_PASSWORD: "BillUserStaging2025@" diff --git a/.github/kustomize/overlays/staging/secret-common-patch.yaml b/.github/kustomize/overlays/staging/secret-common-patch.yaml index 53795ab..40cde69 100644 --- a/.github/kustomize/overlays/staging/secret-common-patch.yaml +++ b/.github/kustomize/overlays/staging/secret-common-patch.yaml @@ -5,5 +5,5 @@ metadata: type: Opaque stringData: JWT_SECRET: "nwe5Yo9qaJ6FBD/Thl2/j6/SFAfNwUorAY1ZcWO2KI7uA4bmVLOCPxE9hYuUpRCOkgV2UF2DdHXtqHi3+BU/ecbz2zpHyf/720h48UbA3XOMYOX1sdM+dQ==" - REDIS_HOST: "redis-cache-dev-master" - REDIS_PASSWORD: "Redis2025Dev@" \ No newline at end of file + REDIS_HOST: "redis-cache-staging-master" + REDIS_PASSWORD: "Redis2025Staging@" diff --git a/.github/kustomize/overlays/staging/secret-product-service-patch.yaml b/.github/kustomize/overlays/staging/secret-product-service-patch.yaml index e773ec9..5e89049 100644 --- a/.github/kustomize/overlays/staging/secret-product-service-patch.yaml +++ b/.github/kustomize/overlays/staging/secret-product-service-patch.yaml 
@@ -4,7 +4,7 @@ metadata: name: secret-product-service type: Opaque stringData: - DB_HOST: "product-change-postgres-dev-postgresql" + DB_HOST: "product-change-postgres-staging-postgresql" DB_NAME: "product_change_db" DB_USERNAME: "product_change_user" - DB_PASSWORD: "ProductUser2025@" \ No newline at end of file + DB_PASSWORD: "ProductUserStaging2025@" diff --git a/.github/kustomize/overlays/staging/secret-user-service-patch.yaml b/.github/kustomize/overlays/staging/secret-user-service-patch.yaml index 8424423..8d18fe4 100644 --- a/.github/kustomize/overlays/staging/secret-user-service-patch.yaml +++ b/.github/kustomize/overlays/staging/secret-user-service-patch.yaml @@ -4,7 +4,7 @@ metadata: name: secret-user-service type: Opaque stringData: - DB_HOST: "auth-postgres-dev-postgresql" + DB_HOST: "auth-postgres-staging-postgresql" DB_NAME: "phonebill_auth" DB_USERNAME: "auth_user" - DB_PASSWORD: "AuthUser2025@" \ No newline at end of file + DB_PASSWORD: "AuthUserStaging2025@" diff --git a/.github/scripts/deploy-actions.sh b/.github/scripts/deploy-actions.sh old mode 100755 new mode 100644 index 75c0412..ebb137f --- a/.github/scripts/deploy-actions.sh +++ b/.github/scripts/deploy-actions.sh @@ -61,4 +61,4 @@ kubectl get pods -n phonebill-dg0500 kubectl get services -n phonebill-dg0500 kubectl get ingress -n phonebill-dg0500 -echo "βœ… GitHub Actions deployment completed successfully!" \ No newline at end of file +echo "βœ… GitHub Actions deployment completed successfully!" diff --git a/.github/workflows/backend-cicd.yaml b/.github/workflows/backend-cicd.yaml index c3e67e9..35dea4b 100644 --- a/.github/workflows/backend-cicd.yaml +++ b/.github/workflows/backend-cicd.yaml 
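Review bot: The deploy-actions.sh section changes the file mode from 100755 to 100644, so the script loses its executable bit even though the only content change is the trailing newline. Any caller that runs it as `./.github/scripts/deploy-actions.sh` would fail with a permission error; if the change is unintended, restore it with `git update-index --chmod=+x .github/scripts/deploy-actions.sh`, otherwise document that it must be invoked as `bash .github/scripts/deploy-actions.sh`. The context lines still hard-code `-n phonebill-dg0500`, while the workflow in this same patch moves to `env.NAMESPACE`; a single `NAMESPACE` variable at the top of the script would keep the two in step. Most of the script lies outside this hunk.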
@@ -38,13 +38,15 @@ env: IMAGE_ORG: phonebill RESOURCE_GROUP: rg-digitalgarage-01 AKS_CLUSTER: aks-digitalgarage-01 + NAMESPACE: phonebill-dg0500 jobs: build: name: Build and Test runs-on: ubuntu-latest outputs: - image_tag: ${{ steps.set_outputs.outputs.image_tag }} + #image_tag: ${{ steps.set_outputs.outputs.image_tag }} + image_tag: dg0500 environment: ${{ steps.set_outputs.outputs.environment }} steps: @@ -129,8 +131,8 @@ jobs: # Run tests, coverage reports, and SonarQube analysis for each service for service in "${services[@]}"; do ./gradlew :$service:test :$service:jacocoTestReport :$service:sonar \ - -Dsonar.projectKey=phonebill-$service-dg0500 \ - -Dsonar.projectName=phonebill-$service-dg0500 \ + -Dsonar.projectKey=phonebill-$service-${{ steps.determine_env.outputs.environment }} \ + -Dsonar.projectName=phonebill-$service-${{ steps.determine_env.outputs.environment }} \ -Dsonar.host.url=$SONAR_HOST_URL \ -Dsonar.token=$SONAR_TOKEN \ -Dsonar.java.binaries=build/classes/java/main \ @@ -153,8 +155,7 @@ jobs: id: set_outputs run: | # Generate timestamp for image tag - #IMAGE_TAG=$(date +%Y%m%d%H%M%S) - IMAGE_TAG=dg0500 + IMAGE_TAG=$(date +%Y%m%d%H%M%S) echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT echo "environment=${{ steps.determine_env.outputs.environment }}" >> $GITHUB_OUTPUT @@ -244,7 +245,7 @@ jobs: - name: Create namespace run: | - kubectl create namespace phonebill-dg0500 --dry-run=client -o yaml | kubectl apply -f - + kubectl create namespace ${{ env.NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f - - name: Install Kustomize run: | 
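Review bot: The job output is now hard-coded as `image_tag: dg0500` with the step-output expression commented out, while the `set_outputs` hunk further down this line switches `IMAGE_TAG` to `$(date +%Y%m%d%H%M%S)`. The timestamp written to `$GITHUB_OUTPUT` is then never consumed (assuming downstream jobs read `needs.build.outputs.image_tag`, as the deleted ArgoCD workflow did), and every build pushes the same mutable `<env>-dg0500` tag, so a running image cannot be traced to a commit and a rollback target can be overwritten. Restore `image_tag: ${{ steps.set_outputs.outputs.image_tag }}` and delete the commented line; deriving the tag from `${{ github.sha }}` would also make reruns of one commit produce the same tag. The `build` job continues outside this hunk.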
@@ -269,8 +270,8 @@ jobs: - name: Wait for deployments to be ready run: | echo "Waiting for deployments to be ready..." - kubectl -n phonebill-dg0500 wait --for=condition=available deployment/api-gateway --timeout=300s - kubectl -n phonebill-dg0500 wait --for=condition=available deployment/user-service --timeout=300s - kubectl -n phonebill-dg0500 wait --for=condition=available deployment/bill-service --timeout=300s - kubectl -n phonebill-dg0500 wait --for=condition=available deployment/product-service --timeout=300s - kubectl -n phonebill-dg0500 wait --for=condition=available deployment/kos-mock --timeout=300s \ No newline at end of file + kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/api-gateway --timeout=300s + kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/user-service --timeout=300s + kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/bill-service --timeout=300s + kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/product-service --timeout=300s + kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/kos-mock --timeout=300s diff --git a/.github/workflows/backend-cicd_ArgoCD.yaml b/.github/workflows/backend-cicd_ArgoCD.yaml deleted file mode 100644 index adaced7..0000000 --- a/.github/workflows/backend-cicd_ArgoCD.yaml +++ /dev/null 
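Review bot: `kubectl wait --for=condition=available` can return at once for a Deployment that was already available before the apply, because the Available condition normally stays true during a rolling update, so this step can report success while the new pods are still starting or failing. `kubectl -n ${{ env.NAMESPACE }} rollout status deployment/api-gateway --timeout=300s`, repeated for the other four deployments, waits for the new revision itself. The five near-identical lines could also be one loop over the service names, as the build step already does with its `services=(...)` array.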
@@ -1,254 +0,0 @@ -name: Backend Services CI/CD - -on: - push: - branches: [ main, develop ] - paths: - - 'api-gateway/**' - - 'user-service/**' - - 'bill-service/**' - - 'product-service/**' - - 'kos-mock/**' - - 'common/**' - - '.github/**' - pull_request: - branches: [ main ] - workflow_dispatch: - inputs: - ENVIRONMENT: - description: 'Target environment' - required: true - default: 'dev' - type: choice - options: - - dev - - staging - - prod - SKIP_SONARQUBE: - description: 'Skip SonarQube Analysis' - required: false - default: 'true' - type: choice - options: - - 'true' - - 'false' - -env: - REGISTRY: acrdigitalgarage01.azurecr.io - IMAGE_ORG: phonebill - RESOURCE_GROUP: rg-digitalgarage-01 - AKS_CLUSTER: aks-digitalgarage-01 - -jobs: - build: - name: Build and Test - runs-on: ubuntu-latest - outputs: - image_tag: ${{ steps.set_outputs.outputs.image_tag }} - environment: ${{ steps.set_outputs.outputs.environment }} - - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Set up JDK 21 - uses: actions/setup-java@v3 - with: - java-version: '21' - distribution: 'temurin' - cache: 'gradle' - - - name: Determine environment - id: determine_env - run: | - # Use input parameter or default to 'dev' - ENVIRONMENT="${{ github.event.inputs.ENVIRONMENT || 'dev' }}" - echo "environment=$ENVIRONMENT" >> $GITHUB_OUTPUT - - - name: Load environment variables - id: env_vars - run: | - ENV=${{ steps.determine_env.outputs.environment }} - - # Initialize variables with defaults - REGISTRY="acrdigitalgarage01.azurecr.io" - IMAGE_ORG="phonebill" - RESOURCE_GROUP="rg-digitalgarage-01" - AKS_CLUSTER="aks-digitalgarage-01" - NAMESPACE="phonebill-dg0500" - - # Read environment variables from .github/config file - if [[ -f ".github/config/deploy_env_vars_${ENV}" ]]; then - while IFS= read -r line || [[ -n "$line" ]]; do - # Skip comments and empty lines - [[ "$line" =~ ^#.*$ ]] && continue - [[ -z "$line" ]] && continue - - # Extract key-value pairs - key=$(echo 
"$line" | cut -d '=' -f1) - value=$(echo "$line" | cut -d '=' -f2-) - - # Override defaults if found in config - case "$key" in - "resource_group") RESOURCE_GROUP="$value" ;; - "cluster_name") AKS_CLUSTER="$value" ;; - esac - done < ".github/config/deploy_env_vars_${ENV}" - fi - - # Export for other jobs - echo "REGISTRY=$REGISTRY" >> $GITHUB_ENV - echo "IMAGE_ORG=$IMAGE_ORG" >> $GITHUB_ENV - echo "RESOURCE_GROUP=$RESOURCE_GROUP" >> $GITHUB_ENV - echo "AKS_CLUSTER=$AKS_CLUSTER" >> $GITHUB_ENV - - - name: Grant execute permission for gradlew - run: chmod +x gradlew - - - name: Build with Gradle - run: | - ./gradlew build -x test - - - name: SonarQube Analysis & Quality Gate - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} - run: | - # Check if SonarQube should be skipped - SKIP_SONARQUBE="${{ github.event.inputs.SKIP_SONARQUBE || 'true' }}" - - if [[ "$SKIP_SONARQUBE" == "true" ]]; then - echo "⏭️ Skipping SonarQube Analysis (SKIP_SONARQUBE=$SKIP_SONARQUBE)" - exit 0 - fi - - # Define services array - services=(api-gateway user-service bill-service product-service kos-mock) - - # Run tests, coverage reports, and SonarQube analysis for each service - for service in "${services[@]}"; do - ./gradlew :$service:test :$service:jacocoTestReport :$service:sonar \ - -Dsonar.projectKey=phonebill-$service-dg0500 \ - -Dsonar.projectName=phonebill-$service-dg0500 \ - -Dsonar.host.url=$SONAR_HOST_URL \ - -Dsonar.token=$SONAR_TOKEN \ - -Dsonar.java.binaries=build/classes/java/main \ - -Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml \ - -Dsonar.exclusions=**/config/**,**/entity/**,**/dto/**,**/*Application.class,**/exception/** - done - - - name: Upload build artifacts - uses: actions/upload-artifact@v4 - with: - name: app-builds - path: | - api-gateway/build/libs/*.jar - user-service/build/libs/*.jar - bill-service/build/libs/*.jar - 
product-service/build/libs/*.jar - kos-mock/build/libs/*.jar - - - name: Set outputs - id: set_outputs - run: | - # Generate timestamp for image tag - #IMAGE_TAG=$(date +%Y%m%d%H%M%S) - IMAGE_TAG=dg0500 - echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT - echo "environment=${{ steps.determine_env.outputs.environment }}" >> $GITHUB_OUTPUT - - release: - name: Build and Push Docker Images - needs: build - runs-on: ubuntu-latest - - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Download build artifacts - uses: actions/download-artifact@v4 - with: - name: app-builds - - - name: Set environment variables from build job - run: | - echo "REGISTRY=${{ env.REGISTRY }}" >> $GITHUB_ENV - echo "IMAGE_ORG=${{ env.IMAGE_ORG }}" >> $GITHUB_ENV - echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV - echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to Docker Hub (prevent rate limit) - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - - - name: Login to Azure Container Registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.ACR_USERNAME }} - password: ${{ secrets.ACR_PASSWORD }} - - - name: Build and push Docker images for all services - run: | - # Define services array - services=(api-gateway user-service bill-service product-service kos-mock) - - # Build and push each service image - for service in "${services[@]}"; do - echo "Building and pushing $service..." - docker build \ - --build-arg BUILD_LIB_DIR="$service/build/libs" \ - --build-arg ARTIFACTORY_FILE="$service.jar" \ - -f deployment/container/Dockerfile-backend \ - -t ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} . 
- - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/$service:${{ needs.build.outputs.environment }}-${{ needs.build.outputs.image_tag }} - done - - update-manifest: - name: Update Manifest Repository - needs: [build, release] - runs-on: ubuntu-latest - - steps: - - name: Set image tag environment variable - run: | - echo "IMAGE_TAG=${{ needs.build.outputs.image_tag }}" >> $GITHUB_ENV - echo "ENVIRONMENT=${{ needs.build.outputs.environment }}" >> $GITHUB_ENV - - - name: Update Manifest Repository - run: | - # λ§€λ‹ˆνŽ˜μŠ€νŠΈ λ ˆν¬μ§€ν† λ¦¬ 클둠 - REPO_URL=$(echo "https://github.com/cna-bootcamp/phonebill-manifest.git" | sed 's|https://||') - git clone https://${{ secrets.GIT_USERNAME }}:${{ secrets.GIT_PASSWORD }}@${REPO_URL} manifest-repo - cd manifest-repo - - # Kustomize μ„€μΉ˜ - curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash - sudo mv kustomize /usr/local/bin/ - - # λ§€λ‹ˆνŽ˜μŠ€νŠΈ μ—…λ°μ΄νŠΈ - cd phonebill/kustomize/overlays/${{ env.ENVIRONMENT }} - - # 각 μ„œλΉ„μŠ€λ³„ 이미지 νƒœκ·Έ μ—…λ°μ΄νŠΈ - services="api-gateway user-service bill-service product-service kos-mock" - for service in $services; do - kustomize edit set image acrdigitalgarage01.azurecr.io/phonebill/$service:${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }} - done - - # Git μ„€μ • 및 ν‘Έμ‹œ - cd ../../../.. - git config user.name "GitHub Actions" - git config user.email "actions@github.com" - git add . - git commit -m "πŸš€ Update phonebill ${{ env.ENVIRONMENT }} images to ${{ env.ENVIRONMENT }}-${{ env.IMAGE_TAG }}" - git push origin main - - echo "βœ… λ§€λ‹ˆνŽ˜μŠ€νŠΈ μ—…λ°μ΄νŠΈ μ™„λ£Œ. ArgoCDκ°€ μžλ™μœΌλ‘œ λ°°ν¬ν•©λ‹ˆλ‹€." \ No newline at end of file